10Sstevel@tonic-gate /*
2*4922Sps57422 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
30Sstevel@tonic-gate * Use is subject to license terms.
40Sstevel@tonic-gate */
50Sstevel@tonic-gate
60Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI"
70Sstevel@tonic-gate
80Sstevel@tonic-gate /*
90Sstevel@tonic-gate * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
100Sstevel@tonic-gate *
110Sstevel@tonic-gate * Openvision retains the copyright to derivative works of
120Sstevel@tonic-gate * this source code. Do *NOT* create a derivative of this
130Sstevel@tonic-gate * source code before consulting with your legal department.
140Sstevel@tonic-gate * Do *NOT* integrate *ANY* of this source code into another
150Sstevel@tonic-gate * product before consulting with your legal department.
160Sstevel@tonic-gate *
170Sstevel@tonic-gate * For further information, read the top-level Openvision
180Sstevel@tonic-gate * copyright which is contained in the top-level MIT Kerberos
190Sstevel@tonic-gate * copyright.
200Sstevel@tonic-gate *
210Sstevel@tonic-gate * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
220Sstevel@tonic-gate *
230Sstevel@tonic-gate */
240Sstevel@tonic-gate
250Sstevel@tonic-gate
260Sstevel@tonic-gate /*
270Sstevel@tonic-gate * kadmin/ktutil/ktutil.c
280Sstevel@tonic-gate *
290Sstevel@tonic-gate * Copyright 1995, 1996 by the Massachusetts Institute of Technology.
300Sstevel@tonic-gate * All Rights Reserved.
310Sstevel@tonic-gate *
320Sstevel@tonic-gate * Export of this software from the United States of America may
330Sstevel@tonic-gate * require a specific license from the United States Government.
340Sstevel@tonic-gate * It is the responsibility of any person or organization contemplating
350Sstevel@tonic-gate * export to obtain such a license before exporting.
362881Smp153739 *
370Sstevel@tonic-gate * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
380Sstevel@tonic-gate * distribute this software and its documentation for any purpose and
390Sstevel@tonic-gate * without fee is hereby granted, provided that the above copyright
400Sstevel@tonic-gate * notice appear in all copies and that both that copyright notice and
410Sstevel@tonic-gate * this permission notice appear in supporting documentation, and that
420Sstevel@tonic-gate * the name of M.I.T. not be used in advertising or publicity pertaining
430Sstevel@tonic-gate * to distribution of the software without specific, written prior
440Sstevel@tonic-gate * permission. Furthermore if you modify this software you must label
450Sstevel@tonic-gate * your software as modified software and not distribute it in such a
460Sstevel@tonic-gate * fashion that it might be confused with the original M.I.T. software.
470Sstevel@tonic-gate * M.I.T. makes no representations about the suitability of
480Sstevel@tonic-gate * this software for any purpose. It is provided "as is" without express
490Sstevel@tonic-gate * or implied warranty.
502881Smp153739 *
510Sstevel@tonic-gate * SS user interface for ktutil.
520Sstevel@tonic-gate */
530Sstevel@tonic-gate
540Sstevel@tonic-gate #include "k5-int.h"
550Sstevel@tonic-gate #include "ktutil.h"
560Sstevel@tonic-gate #include <com_err.h>
570Sstevel@tonic-gate #include <ss/ss.h>
580Sstevel@tonic-gate #include <stdio.h>
590Sstevel@tonic-gate #ifdef HAVE_STDLIB_H
600Sstevel@tonic-gate #include <stdlib.h>
610Sstevel@tonic-gate #endif
620Sstevel@tonic-gate #include <libintl.h>
630Sstevel@tonic-gate #include <locale.h>
640Sstevel@tonic-gate
/* Request table handed to the ss interpreter in main(); defined elsewhere. */
extern ss_request_table ktutil_cmds;

/* krb5 library context shared by all command handlers; set up in main(). */
krb5_context kcontext;

/*
 * Head of the in-memory key list that the commands read, modify and write.
 * NULL means the list is empty.  Entries carry key bytes (see ktutil_list),
 * so the list is sensitive for as long as the process runs.
 */
krb5_kt_list ktlist = NULL;
680Sstevel@tonic-gate
/*
 * Program entry point.
 *
 * Sets the locale and message domain, creates the krb5 context, localizes
 * the command table and then runs the ss command loop.  Any failure during
 * setup is reported and ends the process with status 1; once the command
 * loop returns the key list is freed and the process exits with status 0.
 */
int main(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code status;
    int ss_handle;

    (void) setlocale(LC_ALL, "");

#if !defined(TEXT_DOMAIN)       /* normally supplied with cc -D */
#define TEXT_DOMAIN "SYS_TEST"  /* fallback used only when it was not */
#endif

    (void) textdomain(TEXT_DOMAIN);

    status = krb5_init_context(&kcontext);
    if (status != 0) {
        com_err(argv[0], status, gettext("while initializing krb5"));
        exit(1);
    }

    status = ktutil_initialize_cmds_table(&ktutil_cmds);
    if (status != 0) {
        com_err(argv[0], status,
                gettext("while localizing command description messages"));
        exit(1);
    }

    ss_handle = ss_create_invocation("ktutil", "5.0", (char *) NULL,
                                     &ktutil_cmds, &status);
    if (status != 0) {
        ss_perror(ss_handle, status, gettext("creating invocation"));
        exit(1);
    }

    /* The command loop's result is stored but does not affect the exit code. */
    status = ss_listen(ss_handle);

    /*
     * NOTE(review): whether ktutil_free_kt_list() wipes key bytes before
     * releasing them is not visible in this file -- confirm.
     */
    ktutil_free_kt_list(kcontext, ktlist);
    exit(0);
}
1050Sstevel@tonic-gate
/*
 * Command handler: drop every entry from the in-memory key list.
 *
 * Accepts no arguments besides the command name (argc must be 1).  The list
 * head is reset to NULL whether or not freeing reported an error.
 */
void ktutil_clear_list(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code status;

    if (argc == 1) {
        /*
         * NOTE(review): confirm that ktutil_free_kt_list() zeroizes key
         * contents; that cannot be determined from this file.
         */
        status = ktutil_free_kt_list(kcontext, ktlist);
        if (status != 0)
            com_err(argv[0], status, gettext("while freeing ktlist"));
        ktlist = NULL;
        return;
    }

    fprintf(stderr, gettext("%s: invalid arguments\n"), argv[0]);
}
1210Sstevel@tonic-gate
/*
 * Command handler: read a krb5 keytab file into the in-memory key list.
 *
 * argv[1] is the keytab name and is passed to ktutil_read_keytab() exactly
 * as typed.  The file is opened with the privileges of the user running
 * ktutil.
 */
void ktutil_read_v5(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code status;

    if (argc == 2) {
        status = ktutil_read_keytab(kcontext, argv[1], &ktlist);
        if (status != 0)
            com_err(argv[0], status,
                    gettext("while reading keytab \"%s\""), argv[1]);
        return;
    }

    fprintf(stderr,
            gettext("%s: must specify keytab to read\n"), argv[0]);
}
1380Sstevel@tonic-gate
/*
 * Command handler: read a krb4 srvtab file into the in-memory key list.
 *
 * Only functional when the build defines KRB5_KRB4_COMPAT; otherwise the
 * command just reports that krb4 support is not configured.
 */
void ktutil_read_v4(argc, argv)
    int argc;
    char *argv[];
{
#ifdef KRB5_KRB4_COMPAT
    krb5_error_code status;

    if (argc == 2) {
        status = ktutil_read_srvtab(kcontext, argv[1], &ktlist);
        if (status != 0)
            com_err(argv[0], status,
                    gettext("while reading srvtab \"%s\""), argv[1]);
        return;
    }

    fprintf(stderr,
            gettext("%s: must specify the srvtab to read\n"), argv[0]);
#else
    fprintf(stderr, gettext("%s: krb4 support not configured\n"), argv[0]);
#endif
}
1590Sstevel@tonic-gate
/*
 * Command handler: write the in-memory key list to a krb5 keytab file.
 *
 * argv[1] is the destination name and is passed to ktutil_write_keytab()
 * unchanged.
 *
 * NOTE(review): the resulting file holds long-term keys.  How
 * ktutil_write_keytab() creates it (permissions, behaviour when the file
 * already exists) is not visible here -- confirm it ends up readable by the
 * owner only.
 */
void ktutil_write_v5(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code status;

    if (argc == 2) {
        status = ktutil_write_keytab(kcontext, ktlist, argv[1]);
        if (status != 0)
            com_err(argv[0], status,
                    gettext("while writing keytab \"%s\""), argv[1]);
        return;
    }

    fprintf(stderr,
            gettext("%s: must specify keytab to write\n"), argv[0]);
}
1760Sstevel@tonic-gate
/*
 * Command handler: write the in-memory key list to a krb4 srvtab file.
 *
 * Only functional when the build defines KRB5_KRB4_COMPAT; otherwise the
 * command just reports that krb4 support is not configured.
 *
 * NOTE(review): the output file contains key material; confirm that
 * ktutil_write_srvtab() restricts its permissions.
 */
void ktutil_write_v4(argc, argv)
    int argc;
    char *argv[];
{
#ifdef KRB5_KRB4_COMPAT
    krb5_error_code status;

    if (argc == 2) {
        status = ktutil_write_srvtab(kcontext, ktlist, argv[1]);
        if (status != 0)
            com_err(argv[0], status,
                    gettext("while writing srvtab \"%s\""), argv[1]);
        return;
    }

    fprintf(stderr,
            gettext("%s: must specify srvtab to write\n"), argv[0]);
#else
    fprintf(stderr, gettext("%s: krb4 support not configured\n"), argv[0]);
#endif
}
1970Sstevel@tonic-gate
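/*
 * Command handler: add one entry to the in-memory key list.
 *
 * Expected form (exactly eight words):
 *     <cmd> (-key | -password) -p principal -k kvno -e enctype
 *
 * Exactly one of -key / -password must be given, and principal, kvno and
 * enctype must all be present; a kvno of 0 is rejected.  On any violation
 * the usage line is printed and nothing is added.
 *
 * This handler takes only the principal, kvno and enctype from argv; the
 * key or password itself is not read from the command words here
 * (presumably ktutil_add() obtains it -- confirm in that function).
 */
void ktutil_add_entry(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code retval;
    char *princ = NULL;
    char *enctype = NULL;
    krb5_kvno kvno = 0;
    int use_pass = 0, use_key = 0, i;
    int missing_value = 0;

    for (i = 1; i < argc; i++) {
        const char *opt = argv[i];
        /*
         * -p, -k and -e take the next word as their value.  Consume it only
         * when it exists: stepping to argv[argc] unconditionally would hand
         * a NULL (or out-of-range) pointer to atoi() when "-k" is the last
         * word typed.
         */
        int has_value = (i + 1 < argc);

        if (strcmp(opt, "-p") == 0) {
            if (has_value)
                princ = argv[++i];
            else
                missing_value = 1;
            continue;
        }
        if (strcmp(opt, "-k") == 0) {
            /*
             * atoi() cannot report errors: non-numeric text yields 0, which
             * the check below rejects, while trailing junk after leading
             * digits is ignored.
             */
            if (has_value)
                kvno = (krb5_kvno) atoi(argv[++i]);
            else
                missing_value = 1;
            continue;
        }
        if (strcmp(opt, "-e") == 0) {
            if (has_value)
                enctype = argv[++i];
            else
                missing_value = 1;
            continue;
        }
        if (strcmp(opt, "-password") == 0) {
            use_pass++;
            continue;
        }
        if (strcmp(opt, "-key") == 0) {
            use_key++;
            continue;
        }
        /* Unrecognized words are skipped; the argc check below catches them. */
    }

    if (argc != 8 || missing_value || !(princ && kvno && enctype) ||
        (use_pass + use_key != 1)) {
        fprintf(stderr, "%s: %s (-key | -password) -p principal "
                "-k kvno -e enctype\n", gettext("usage"), argv[0]);
        return;
    }

    retval = ktutil_add(kcontext, &ktlist, princ, kvno, enctype, use_pass);
    if (retval)
        com_err(argv[0], retval, gettext("while adding new entry"));
}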
2410Sstevel@tonic-gate
/*
 * Command handler: delete one entry from the in-memory key list.
 *
 * argv[1] is the entry number, converted with atoi().  Non-numeric text
 * therefore becomes 0 and no range check is made here.
 *
 * NOTE(review): confirm that ktutil_delete() rejects zero, negative and
 * past-the-end entry numbers.
 */
void ktutil_delete_entry(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code status;
    int slot;

    if (argc != 2) {
        fprintf(stderr,
                gettext("%s: must specify entry to delete\n"), argv[0]);
        return;
    }

    slot = atoi(argv[1]);
    status = ktutil_delete(kcontext, &ktlist, slot);
    if (status != 0)
        com_err(argv[0], status,
                gettext("while deleting entry %d"), slot);
}
2580Sstevel@tonic-gate
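/*
 * Command handler: print the in-memory key list, one line per entry.
 *
 * Options (any combination):
 *     -t   also print each entry's timestamp
 *     -k   also print each entry's key bytes in hex
 *     -e   also print each entry's encryption type
 * Any other word prints the usage line and lists nothing.
 *
 * SECURITY: -k writes the raw key bytes of every entry to stdout.  Treat
 * that output as secret wherever it lands (terminal scrollback, session
 * logs, redirected files).
 *
 * Listing stops at the first entry whose principal cannot be unparsed or
 * whose enctype conversion fails with an error other than EINVAL.
 */
void ktutil_list(argc, argv)
    int argc;
    char *argv[];
{
    krb5_error_code retval;
    krb5_kt_list lp;
    int show_time = 0, show_keys = 0, show_enctype = 0;
    int i;
    unsigned int j;
    char *pname;

    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-t") == 0) {
            show_time++;
            continue;
        }
        if (strcmp(argv[i], "-k") == 0) {
            show_keys++;
            continue;
        }
        if (strcmp(argv[i], "-e") == 0) {
            show_enctype++;
            continue;
        }

        fprintf(stderr, "%s: %s [-t] [-k] [-e]\n", gettext("usage"), argv[0]);
        return;
    }

    /*
     * Header text takes no arguments, so emit it with fputs(): a translated
     * catalog entry is then never interpreted as a printf format.
     */
    if (show_time) {
        fputs(gettext("slot KVNO Timestamp Principal\n"), stdout);
        fputs("---- ---- ----------------- ---------------------------------------------------\n", stdout);
    } else {
        fputs(gettext("slot KVNO Principal\n"), stdout);
        fputs("---- ---- ---------------------------------------------------------------------\n", stdout);
    }

    for (i = 1, lp = ktlist; lp; i++, lp = lp->next) {
        retval = krb5_unparse_name(kcontext, lp->entry->principal, &pname);
        if (retval) {
            com_err(argv[0], retval,
                    gettext("while unparsing principal name"));
            return;
        }
        printf("%4d %4d ", i, lp->entry->vno);

        if (show_time) {
            char fmtbuf[18];
            char fill = ' ';

            /*
             * Format the timestamp stored in the entry.  The earlier code
             * passed an uninitialized time_t to localtime() and then copied
             * that indeterminate value into lp->entry->timestamp, so the
             * listing showed garbage and the entry's real timestamp was
             * overwritten in memory.
             */
            if (!krb5_timestamp_to_sfstring((krb5_timestamp)
                                            lp->entry->timestamp,
                                            fmtbuf,
                                            sizeof(fmtbuf),
                                            &fill))
                printf("%s ", fmtbuf);
        }

        printf("%40s", pname);

        if (show_enctype) {
            static char buf[256];

            retval = krb5_enctype_to_string(lp->entry->key.enctype,
                                            buf, sizeof(buf));
            if (retval) {
                if (retval == EINVAL) {
                    /* Unknown enctype: show its number instead of a name. */
                    snprintf(buf, sizeof(buf),
                             gettext("unsupported encryption type %d"),
                             lp->entry->key.enctype);
                } else {
                    com_err(argv[0], retval,
                            gettext("While converting "
                                    "enctype to string"));
                    /* Release the unparsed name on this exit path too. */
                    krb5_xfree(pname);
                    return;
                }
            }
            printf(" (%s) ", buf);
        }

        if (show_keys) {
            /* Raw key material: see the SECURITY note in the header. */
            printf(" (0x");
            for (j = 0; j < lp->entry->key.length; j++)
                printf("%02x", lp->entry->key.contents[j]);
            printf(")");
        }
        printf("\n");
        krb5_xfree(pname);
    }
}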